The last original LulzSec member looks nervously looking over his shoulder …

Update: (July 15, 2012) Someone claiming to be Avunit, the remaining original member of Lulzsec still at large, has claimed through Twitter that the person interviewed for this story (who was an admin on AnonOps IRC) was impersonating the real Avunit. It's apparent that either (1) @AvunitAnon is the actual Avunit and someone masqueraded as him within Anon IRC for over six months unchallenged; (2) the Twitter account is fake, or (3) Avunit is now denying the story to distance himself from his earlier comments.

The hacker known as "Avunit" left LulzSec well before the group "disbanded" last year, but he could still face charges—and he isn't sure whether he's been exposed or not.

In the wake of the indictments and arrests of all the other original members of LulzSec, Avunit says he's a "bag of nerves" and is preparing to drop out of the Anonymous universe entirely. He's now trying to figure out what to do next. In an Internet Relay Chat (IRC) conversation with Ars Technica, Avunit said, "[I'm] on a new laptop I bought today and everything else that could be incriminating has literally been burned."

"A good lesson"

The reaction among others on Anonymous IRC channels in the wake of the Sabu news was far from the angry, forceful one we saw in response to the arrests of 25 alleged Anonymous members in Chile, Argentina, Colombia, and Spain on February 28. One member urged others to remain calm and carry on: "Dont fucking panic...the lulzsec guys got infiltrated and were caught for HACKING not for being member of anonymous...anonymous is too big to go after, and the charges would be too small to actually do something.....but a good lesson for the sql injectors out there : dont boast about anything and trust NOONE ..stay ANONYMOUS!"

Among Anons, doubts about Sabu had been circulating for some time prior to the revelation of his informant status. Some members of Anonymous began to suspect he was working with the FBI after the LulzSec arrests last summer. LulzSec "disbanded" after the arrests, but some of the members continued to attack government and corporate website under the banner of "AntiSec."

"Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait," members of Anonymous claimed. "Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources."

Sabu remained a presence on the Anonymous IRC channels up untll this week. But as the news broke yesterday, administrators of the #anonops channel added his handle to the "bad word list"—anyone typing "sabu" would be automatically ejected from the channel.

"I'm done, bro"

For his part, Avunit split with LulzSec when the group began its attacks on government servers as part of its "Fuck FBI Friday" operations. Since then, he's been aligned with the AnonOps collective within Anonymous, where he has restricted himself mostly to working on denial-of-service tool development and guiding new recruits.

Avunit was shaken by Sabu's willingness to cooperate with authorities, especially since he learned much of the craft of hacking from Sabu. "I cant even describe what it's like to have someone that taught you, and quite honestly inspired me (and many others), turn on the very people that trusted him the most," he told me.

While sympathetic to the fact that Sabu's children may have influenced his decision, he didn't understand how Sabu could have put his family at risk in the first place. "Why would you get involved with something like this if you had kids that relied on you?" he asked. "If I had kids I would get a 'responsible' job/hobby."

As for his own involvement in Anonymous, Avunit said, "I think I'm done, bro." He was considering changing locations, but he said he was concerned about being picked up in transit, "because if I try and leave through an airport and they know my ID, it'd be like walking to prison and handing myself in."

At the end of the conversation, he logged off IRC with the quit message, "Adios anonops <3 ."

Since Sabu was the top guy giving orders, doesn't following his commands equate to entrapment? "After all, you honor, the FBI TOLD me to hack their server!" Doesn't that then mean they have given consent?

1. You were guilty of something2. You are going to be charged with destroying evidence

Why burn the laptop ? I can see shredding the hard drive, maybe replacing the ram. Sounds like someone is full on panic. He probably didn't burn it right anyways. I bet you can still get to the drive and pull the information out.

Tunnel (trough a log-less offshore VPN) your way in Tor and everything is going to be just fine.

SELinux is designed for sandboxing and process escalation. It doesn't do anything for privacy. There is also AppArmor which does the same thing. I believe openSUSE, Fedora and Ubuntu all use either SELinux or AppArmor.

"Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait," members of Anonymous claimed. "Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources."

There really needs to be a better way to talk about these things.

On one hand, as we're repeatedly reminded, 'Anonymous' is not an organized group, and any one can claim they are acting on behalf of 'anonymous' just by saying so. If this is completely true, it is not meaningful to talk about Anonymous -- one could just substitute a phrase like 'some people on the Internet'. As in "some people on the Internet hacked into a bank" and "some people on the Internet express frustration with the FBI".

On the other hand, here we have people who self-identify as being members of Anonymous themselves talking about Anonymous as if it were a group with defined goals and morals and accusing other people who identify as being members of Anonymous as not being legitimate. Which suggests Anonymous really is a group.

How much leadership / group identity does Anonymous really have?

Maybe the appropriate metaphor would be to treat Anonymous like a religion. Analogously: Anyone can claim to be Christian just by saying so, and self-identified Christians regularly talk about what Christians should and should not do, and should and should not believe, as if 'Christianity' were a unified body. But while one can make some sensible generalizations, Christian political and moral philosophy is pretty diverse (especially at the level of individual practitioners, and especially when taken internationally) , and some people who identify as Christian will do and say things that other self-identified Christians will judge to be repugnant or even inherently non-Christian.

One issue I have is that they are giving away personal details whether they know it or not. Then, admitting to the destruction of evidence.

I actually have sympathy for "Avunit" with regards to their situation. I could certainly see how it would be difficult when a person you trusted and personally taught you how to do things suddenly flips, even if those things were intended to be used for an illegal purpose.

1. You were guilty of something2. You are going to be charged with destroying evidence

Why burn the laptop ? I can see shredding the hard drive, maybe replacing the ram. Sounds like someone is full on panic. He probably didn't burn it right anyways. I bet you can still get to the drive and pull the information out.

Maybe the appropriate metaphor would be to treat Anonymous like a religion. Analogously: Anyone can claim to be Christian just by saying so, and self-identified Christians regularly talk about what Christians should and should not do, and should and should not believe, as if 'Christianity' were a unified body. But while one can make some sensible generalizations, Christian political and moral philosophy is pretty diverse (especially at the level of individual practitioners, and especially when taken internationally) , and some people who identify as Christian will do and say things that other self-identified Christians will judge to be repugnant or even inherently non-Christian.

That's actually a really great way of explaining it. I hope you don't mind me re-using your metaphor privately.

To the people saying it's entrapment because Sabu encouraged them to act, how would that impact a court case that excluded charges for acts which were encouraged by the FBI? In other words, the FBI knowingly entrapped them merely to ascertain their identities and charge them for previous crimes (while ignoring the crimes they were encouraged to commit by the FBI).

The important question isn’t “why burn the laptop”, the more important question is why give the FBI another piece of info to triangulate you EDIT:by giving an equipment purchase detail to build a trail.

Quote:

[I'm] on a new laptop I bought today and everything else that could be incriminating has literally been burned.”

If they already knew for sure who (s)he was, they’d already be at the door before publicly reveling Sabu had been turned. He panicked.

Someone has to call out targets to organize attacks. Anonymous doesn't have a single leader, nor do they have strict controls on membership. But they do have a decentralized leadership system.

And if they want to establish that there are things others are doing in their name which they disapprove of (publicly releasing credit card info, harassing teenage girls who don't strip on webcams, attacking PBS, whatever) then someone needs to call that out.

However, members of Anonymous have taken credit for these actions under the name of Anonymous.

Yes, if you have a reasonable belief that it may be used as evidence in a lawsuit or prosecution of a crime, it would be considered spoliation. Obviously this guy thinks he's going to be prosecuted. IANAL but this is the way a law professor explained it to me.

Fascinating bunch of articles on Sabu and LulzSec/AntiSec Ars -- thanks a lot for all this coverage! Almost as good as the HBGary stuff...almost

Question (a stupid one?) to the lawyers out there: Since the FBI was using Sabu for close to a year, and within that time they were fully aware of hacks and leaking of info by Anon (eg: credit card info, et al. from Stratfor servers), could they in any way be held liable? Probably not in a criminal case, but how about a civil one?

Why do I get the feeling the FBI is a few days from rolling these fuckers up? Some of these bitches are going to do some serious time under RICO or other criminal conspiracy statues for shit that they didn't even know about.

"Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait," members of Anonymous claimed. "Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources."

There really needs to be a better way to talk about these things.

On one hand, as we're repeatedly reminded, 'Anonymous' is not an organized group, and any one can claim they are acting on behalf of 'anonymous' just by saying so. If this is completely true, it is not meaningful to talk about Anonymous -- one could just substitute a phrase like 'some people on the Internet'. As in "some people on the Internet hacked into a bank" and "some people on the Internet express frustration with the FBI".

On the other hand, here we have people who self-identify as being members of Anonymous themselves talking about Anonymous as if it were a group with defined goals and morals and accusing other people who identify as being members of Anonymous as not being legitimate. Which suggests Anonymous really is a group.

How much leadership / group identity does Anonymous really have?

Maybe the appropriate metaphor would be to treat Anonymous like a religion. Analogously: Anyone can claim to be Christian just by saying so, and self-identified Christians regularly talk about what Christians should and should not do, and should and should not believe, as if 'Christianity' were a unified body. But while one can make some sensible generalizations, Christian political and moral philosophy is pretty diverse (especially at the level of individual practitioners, and especially when taken internationally) , and some people who identify as Christian will do and say things that other self-identified Christians will judge to be repugnant or even inherently non-Christian.

Off topic, but I would say you are more talking about the different Christian Churches/sects rather than the Christian belief.

To the people saying it's entrapment because Sabu encouraged them to act, how would that impact a court case that excluded charges for acts which were encouraged by the FBI? In other words, the FBI knowingly entrapped them merely to ascertain their identities and charge them for previous crimes (while ignoring the crimes they were encouraged to commit by the FBI).

Wouldn't that fall into Poisonous Tree and become inadmissible? Just wondering.

Protip: Do not admit to destroying evidence in a public and recorded fashion.

Bingo. You are now guilty of obstruction of justice at the very least. And the absence of evidence is now damning rather than helping your case.

Absence of something carries as much weight in favour of the defendant as it does against. In other words it means nothing. Now if some evidence is found, then it is more likely it would be damaging, but if Avunit has thoroughly destroyed and disposed of all the evidence he can and has remained anonymous then I somehow doubt much could be done.

To the people saying it's entrapment because Sabu encouraged them to act, how would that impact a court case that excluded charges for acts which were encouraged by the FBI? In other words, the FBI knowingly entrapped them merely to ascertain their identities and charge them for previous crimes (while ignoring the crimes they were encouraged to commit by the FBI).

Wouldn't that fall into Poisonous Tree and become inadmissible? Just wondering.

On one hand, as we're repeatedly reminded, 'Anonymous' is not an organized group, and any one can claim they are acting on behalf of 'anonymous' just by saying so. If this is completely true, it is not meaningful to talk about Anonymous -- one could just substitute a phrase like 'some people on the Internet'. As in "some people on the Internet hacked into a bank" and "some people on the Internet express frustration with the FBI".

Moral of the story: You can't have it both ways. Either identify yourselves or STFU when people hijack your (supposed) identity.

Same thing is happening with SuperPACs to a certain degree and in that case will likely only get worse before it gets better.

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.